File 0052-Don-t-send-passwords-after-shim-delimiter-... of Package salt.4663

Overview Repositories Revisions Requests Users Attributes Meta

File 0052-Don-t-send-passwords-after-shim-delimiter-is-found-3.patch of Package salt.4663

From 3cb03cdabaa669d2ba3dfc3198329664a41760d1 Mon Sep 17 00:00:00 2001
From: Nicole Thomas <nicole@saltstack.com>
Date: Mon, 16 May 2016 11:01:19 -0600
Subject: [PATCH 52/52] Don't send passwords after shim delimiter is found
 (#33273)

The SSH_PASSWORD_PROMPT_RE regexp used to detect if SSH is requesting a
password can be triggered if the shim is returning data to the server
with text that matches the regex, including inside JSON results. This
then results in the server unable to parse the JSON results. This
patch fixes this issue by looking for the shim delimiter in the output and
disabling the sending of passwords after the delimiter is found.

Fixes #29422.
---
 salt/client/ssh/shell.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/salt/client/ssh/shell.py b/salt/client/ssh/shell.py
index deb6519..cfef9f0 100644
--- a/salt/client/ssh/shell.py
+++ b/salt/client/ssh/shell.py
@@ -23,6 +23,10 @@ log = logging.getLogger(__name__)
 SSH_PASSWORD_PROMPT_RE = re.compile(r'(?:.*)[Pp]assword(?: for .*)?:', re.M)
 KEY_VALID_RE = re.compile(r'.*$yes\/no$.*')
 
+# Keep these in sync with ./__init__.py
+RSTR = '_edbc7885e4f9aac9b83b35999b68d015148caf467b78fa39c05f669c0ff89878'
+RSTR_RE = re.compile(r'(?:^|\r?\n)' + RSTR + r'(?:\r?\n|$)')
+
 
 class NoPasswdError(Exception):
     pass
@@ -354,6 +358,7 @@ class Shell(object):
                 stream_stdout=False,
                 stream_stderr=False)
         sent_passwd = 0
+        send_password = True
         ret_stdout = ''
         ret_stderr = ''
 
@@ -364,7 +369,10 @@ class Shell(object):
                     ret_stdout += stdout
                 if stderr:
                     ret_stderr += stderr
-                if stdout and SSH_PASSWORD_PROMPT_RE.search(stdout):
+                if stdout and RSTR_RE.search(stdout):
+                    # We're getting results back, don't try to send passwords
+                    send_password = False
+                if stdout and SSH_PASSWORD_PROMPT_RE.search(stdout) and send_password:
                     if not self.passwd:
                         return '', 'Permission denied, no authentication information', 254
                     if sent_passwd < passwd_retries:
-- 
2.10.2

Places

File 0052-Don-t-send-passwords-after-shim-delimiter-is-found-3.patch of Package salt.4663

Places